3) If I remove the pass phrase, what are the security implications? Is it anything to worry about?

Yes, if the private key is no longer encrypted, it is critical that this file only be readable by the root user. If your system is ever compromised and a third party obtains your unencrypted private key, the corresponding certificate will need to be revoked immediately or the attack could put up a website pretending to be yours.